chore: untrack repo-batcher-demo ELF binary (Item 83 residual)

[hyperpolymath]

Discharges the last open Estate gitignore audit (Item 83) residual.

scaffoldia/repo-batcher/build/repo-batcher-demo — ELF 64-bit, not stripped, ~558 KB — was a pre-ignore committed artifact (committed 4da0a19, 2026-05-16). scaffoldia/.gitignore:86 build/ already ignores build/, so once untracked it regenerates on demand and stays out of the tree. No .gitignore change required. History retains the bytes.

Authorized by the reposystem#53 do-or-delete decision: DO — reposystem is canonical for repo-batcher; keep it and port the V CLI/FFI layer to Zig (tracked separately). This untrack is the binary-handling consequence of that decision, not an independent strip.

Refs #53.

[github-actions]

🔍 Hypatia Security Scan

Findings: 195 issues detected

Severity	Count
🔴 Critical	14
🟠 High	112
🟡 Medium	69

⚠️ Action Required: Critical security issues found!

View findings

[
  {
    "reason": "Issue in quality.yml",
    "type": "missing_workflow",
    "file": "quality.yml",
    "action": "create",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "Issue in security-policy.yml",
    "type": "missing_workflow",
    "file": "security-policy.yml",
    "action": "create",
    "rule_module": "workflow_audit",
    "severity": "medium"
  },
  {
    "reason": "Action hyperpolymath/standards/.github/workflows/governance-reusable.yml@main needs attention",
    "type": "unpinned_action",
    "file": "governance.yml",
    "action": "pin_sha",
    "rule_module": "workflow_audit",
    "severity": "high"
  },
  {
    "reason": "TypeScript file detected -- banned language",
    "type": "banned_language_file",
    "file": "/home/runner/work/reposystem/reposystem/tools/rsr-certified/extensions/vscode/src/extension.ts",
    "action": "flag",
    "rule_module": "cicd_rules",
    "severity": "critical"
  },
  {
    "reason": "innerHTML assignment -- XSS risk, use textContent or SafeDOM (5 occurrences, CWE-79)",
    "type": "js_innerhtml",
    "file": "/home/runner/work/reposystem/reposystem/stateful-artefacts/browser-extension/scripts/popup.js",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "innerHTML assignment -- XSS risk, use textContent or SafeDOM (1 occurrences, CWE-79)",
    "type": "js_innerhtml",
    "file": "/home/runner/work/reposystem/reposystem/stateful-artefacts/browser-extension/scripts/content.js",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "innerHTML assignment -- XSS risk, use textContent or SafeDOM (4 occurrences, CWE-79)",
    "type": "js_innerhtml",
    "file": "/home/runner/work/reposystem/reposystem/stateful-artefacts/dashboard/js/dashboard.js",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "innerHTML assignment -- XSS risk, use textContent or SafeDOM (5 occurrences, CWE-79)",
    "type": "js_innerhtml",
    "file": "/home/runner/work/reposystem/reposystem/stateful-artefacts/annotation-layer/annotations.js",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "innerHTML assignment -- XSS risk, use textContent or SafeDOM (7 occurrences, CWE-79)",
    "type": "js_innerhtml",
    "file": "/home/runner/work/reposystem/reposystem/web/app.js",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "high"
  },
  {
    "reason": "HTTP URL in code -- use HTTPS for non-localhost (16 occurrences, CWE-319)",
    "type": "js_http_url_in_code",
    "file": "/home/runner/work/reposystem/reposystem/web/app.js",
    "action": "flag",
    "rule_module": "code_safety",
    "severity": "medium"
  }
]

Powered by Hypatia Neurosymbolic CI/CD Intelligence